lwip-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #36561] Some netifapi functions handle pointers to sta


From: Mason
Subject: [lwip-devel] [bug #36561] Some netifapi functions handle pointers to stale objects
Date: Wed, 30 May 2012 13:43:29 +0000
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120429 Firefox/12.0 SeaMonkey/2.9.1

URL:
  <http://savannah.nongnu.org/bugs/?36561>

                 Summary: Some netifapi functions handle pointers to stale
objects
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: mason
            Submitted on: Wed 30 May 2012 01:43:28 PM GMT
                Category: None
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: 1.4.0

    _______________________________________________________

Details:

I think there's a bug in
netifapi_netif_add
netifapi_netif_set_addr

These functions receive pointers to ip_addr_t objects
(ipaddr, netmask, gw) which likely "live" on the stack.
The pointers are copied to a message, which is posted
to the tcpip_thread.

When the tcpip_thread receives the message, the thread
that requested the operation has likely moved on, and
the ip_addr_t objects no longer exist. The pointers to
these objects are thus invalid.

Proposed solution (untested): in struct netifapi_msg_msg,
we could store the actual ip_addr_t objects, instead of
pointers to these objects.





    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?36561>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]